CVE-2024-9676 - Vulnerability Details

CVE-2024-9676 - Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01331.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat Subscribe	Enterprise Linux Subscribe Enterprise Linux Eus Subscribe Enterprise Linux For Arm 64 Subscribe Enterprise Linux For Arm 64 Eus Subscribe Enterprise Linux For Ibm Z Systems Subscribe Enterprise Linux For Ibm Z Systems Eus Subscribe Enterprise Linux For Power Little Endian Subscribe Enterprise Linux For Power Little Endian Eus Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Subscribe Ocp Tools Subscribe Openshift Subscribe Openshift Container Platform Subscribe Openshift Container Platform For Arm64 Subscribe Openshift Container Platform For Ibm Z Subscribe Openshift Container Platform For Linuxone Subscribe Openshift Container Platform For Power Subscribe Openshift Ironic Subscribe Quay Subscribe Rhel Eus Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.16:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.17:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
container-tools:rhel8-8100020241101101019.afee755d	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:10289	2024-11-26T00:00:00Z
Red Hat Enterprise Linux 9
podman-4:4.9.4-16.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9051	2024-11-11T00:00:00Z
podman-4:5.2.2-9.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9454	2024-11-12T00:00:00Z
buildah-2:1.37.5-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9459	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
buildah-2:1.33.11-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2024:9926	2024-11-19T00:00:00Z
Red Hat OpenShift Container Platform 4.12
cri-o-0:1.25.5-30.rhaos4.12.git53dc492.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:8694	2024-11-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13
cri-o-0:1.26.5-26.rhaos4.13.giteb3d487.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:8690	2024-11-06T00:00:00Z
Red Hat OpenShift Container Platform 4.14
cri-o-0:1.27.8-12.rhaos4.14.git7597c43.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:8700	2024-11-08T00:00:00Z
openshift4/ose-docker-builder:v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2025:2710	2025-03-19T00:00:00Z
Red Hat OpenShift Container Platform 4.15
cri-o-0:1.28.11-5.rhaos4.15.git35a2431.el9	cpe:/a:redhat:openshift:4.15::el8	RHSA-2024:8428	2024-10-31T00:00:00Z
openshift4/ose-docker-builder:v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8	cpe:/a:redhat:openshift:4.15::el8	RHSA-2025:2454	2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.16
cri-o-0:1.29.9-6.rhaos4.16.gite7bd45a.el8	cpe:/a:redhat:openshift:4.16::el8	RHSA-2024:8418	2024-10-30T00:00:00Z
podman-4:4.9.4-12.rhaos4.16.el8	cpe:/a:redhat:openshift:4.16::el8	RHSA-2024:8686	2024-11-06T00:00:00Z
openshift4/ose-docker-builder-rhel9:v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:3301	2025-04-03T00:00:00Z
Red Hat OpenShift Container Platform 4.17
cri-o-0:1.30.6-6.rhaos4.17.git6ac6e96.el8	cpe:/a:redhat:openshift:4.17::el8	RHSA-2024:8437	2024-10-29T00:00:00Z
podman-5:5.2.2-1.rhaos4.17.el8	cpe:/a:redhat:openshift:4.17::el8	RHSA-2024:8984	2024-11-13T00:00:00Z
openshift4/ose-docker-builder-rhel9:v4.17.0-202501281204.p0.ga753153.assembly.stream.el9	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:0876	2025-02-05T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-50452	A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:10289
https://access.redhat.com/errata/RHSA-2024:8418
https://access.redhat.com/errata/RHSA-2024:8428
https://access.redhat.com/errata/RHSA-2024:8437
https://access.redhat.com/errata/RHSA-2024:8686
https://access.redhat.com/errata/RHSA-2024:8690
https://access.redhat.com/errata/RHSA-2024:8694
https://access.redhat.com/errata/RHSA-2024:8700
https://access.redhat.com/errata/RHSA-2024:8984
https://access.redhat.com/errata/RHSA-2024:9051
https://access.redhat.com/errata/RHSA-2024:9454
https://access.redhat.com/errata/RHSA-2024:9459
https://access.redhat.com/errata/RHSA-2024:9926
https://access.redhat.com/errata/RHSA-2025:0876
https://access.redhat.com/errata/RHSA-2025:2454
https://access.redhat.com/errata/RHSA-2025:2710
https://access.redhat.com/errata/RHSA-2025:3301
https://access.redhat.com/security/cve/CVE-2024-9676
https://bugzilla.redhat.com/show_bug.cgi?id=2317467
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf
https://nvd.nist.gov/vuln/detail/CVE-2024-9676
https://www.cve.org/CVERecord?id=CVE-2024-9676

History

Wed, 16 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.027}`	epss `{'score': 0.02089}`

Fri, 11 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.02374}`	epss `{'score': 0.027}`

Wed, 21 May 2025 14:45:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Thu, 03 Apr 2025 09:45:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:3301

Thu, 20 Mar 2025 08:45:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2710

Fri, 14 Mar 2025 06:45:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2454

Fri, 07 Feb 2025 14:00:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:0876

Wed, 27 Nov 2024 11:30:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Tue, 26 Nov 2024 17:45:00 +0900

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream
References		https://access.redhat.com/errata/RHSA-2024:10289

Tue, 26 Nov 2024 05:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux Eus Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat openshift Container Platform Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform For Ibm Z Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power
CPEs		cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.16:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.17:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
Vendors & Products		Redhat enterprise Linux Eus Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat openshift Container Platform Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform For Ibm Z Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power

Mon, 25 Nov 2024 04:45:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream
References		https://access.redhat.com/errata/RHSA-2024:9926

Sat, 23 Nov 2024 00:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4
Vendors & Products		Redhat rhel Eus

Wed, 13 Nov 2024 17:00:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2024:8984

Wed, 13 Nov 2024 02:45:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2024:9454 https://access.redhat.com/errata/RHSA-2024:9459

Tue, 12 Nov 2024 11:15:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

Tue, 12 Nov 2024 02:30:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:openshift:4.14::el9
References		https://access.redhat.com/errata/RHSA-2024:8700 https://access.redhat.com/errata/RHSA-2024:9051

Sat, 09 Nov 2024 11:30:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el8

Thu, 07 Nov 2024 17:00:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift:4.12::el9 cpe:/a:redhat:openshift_ironic:4.12::el9
References		https://access.redhat.com/errata/RHSA-2024:8694

Thu, 07 Nov 2024 05:00:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9
References		https://access.redhat.com/errata/RHSA-2024:8690

Wed, 06 Nov 2024 19:15:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2024:8686

Thu, 31 Oct 2024 14:15:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9
References		https://access.redhat.com/errata/RHSA-2024:8428

Wed, 30 Oct 2024 17:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Ironic
CPEs		cpe:/a:redhat:openshift:4.16::el8 cpe:/a:redhat:openshift:4.16::el9 cpe:/a:redhat:openshift:4.17::el9 cpe:/a:redhat:openshift_ironic:4.16::el9
Vendors & Products		Redhat openshift Ironic
References		https://access.redhat.com/errata/RHSA-2024:8418 https://access.redhat.com/errata/RHSA-2024:8437

Wed, 30 Oct 2024 11:30:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el8

Thu, 17 Oct 2024 08:00:00 +0900

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~

Wed, 16 Oct 2024 10:15:00 +0900

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-9676 https://www.cve.org/CVERecord?id=CVE-2024-9676
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 16 Oct 2024 06:15:00 +0900

Type	Values Removed	Values Added
References		https://github.com/advisories/GHSA-wq2p-5pc6-wpgf

Wed, 16 Oct 2024 01:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 16 Oct 2024 00:45:00 +0900

Type	Values Removed	Values Added
Description		A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
Title		Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
First Time appeared		Redhat Redhat enterprise Linux Redhat ocp Tools Redhat openshift Redhat quay
Weaknesses		CWE-22
CPEs		cpe:/a:redhat:ocp_tools cpe:/a:redhat:openshift:4 cpe:/a:redhat:quay:3 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat ocp Tools Redhat openshift Redhat quay
References		https://access.redhat.com/security/cve/CVE-2024-9676 https://bugzilla.redhat.com/show_bug.cgi?id=2317467
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-15T15:27:33.665Z

Updated: 2025-11-20T21:35:32.196Z

Reserved: 2024-10-09T03:02:48.802Z

Link: CVE-2024-9676

Vulnrichment

Updated: 2024-10-15T15:46:12.616Z

NVD

Status : Modified

Published: 2024-10-15T16:15:06.933

Modified: 2025-04-03T02:15:19.877

Link: CVE-2024-9676

Redhat

Severity : Moderate

Publid Date: 2024-10-15T15:00:00Z

Links: CVE-2024-9676 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object